Data processing device and data processing method

ABSTRACT

When an application issues an access request to a device via a driver, the application can immediately perform other processing. 
     An IC memory  12  for performing predetermined processing such as encryption processing and decryption processing, an application for performing processing using the IC memory  12,  an IC memory handler  14  for performing access processing to the IC memory  12,  and a driver  12  that invokes the IC memory handler  14  according to an instruction from the application and returns a response to the effect that the instruction has been accepted to the application, are provided.

TECHNICAL FIELD

The present invention relates to a data processing apparatus and a dataprocessing method that execute an application that can access a devicesuch as IC memory via a driver.

BACKGROUND ART

When an application running on an apparatus attempts to access anexternal device such as an IC memory, a driver to an access IC memorycan usually be used to access the IC memory. That is, the applicationoutputs an access request to the driver, and then the driver performsspecific processing in accordance with the request such asreading/writing data from/to the IC memory and, after the processing iscompleted, obtains data read from the IC memory or a response to thedata writing. When the driver outputs a response result of theprocessing or data obtained through the processing to the application,the application can obtain a result of the access request to the ICmemory.

DISCLOSURE OF THE INVENTION

However, if an application makes an access request to a device such asan IC memory via a driver, the application is forced to remain in a waitstate until a result such as a response is received from the driver.After issuing an access request to the IC memory, depending onprocessing content, the application may perform application's originalprocessing without obtaining an access result from the IC memory, butsince the application is already in a wait state, a problem thatapplication's original processing cannot be performed and a processingspeed is slowed or the like arises.

Therefore, an object of the present invention is to realize a dataprocessing apparatus and a data processing method that can perform otherprocessing immediately after an application issues an access request toa device via a driver.

To solve the above problem, a data processing apparatus according to thepresent invention comprises a device for performing predeterminedspecific processing, an application for performing processing using thedevice, a handler means for performing access processing to the device,and a driver means for invoking the handler means according to aninstruction from the application and notifying to the application theeffect that the instruction has been accepted.

In the above configuration of the present invention, the driver meansresponds to an inquiry from the application and at the same time, bycausing the handler means to access the device in response to a requestfrom the application, the driver means can immediately return a responseto the application so that the application can perform applicationprocessing without waiting for a response of a final processing resultin the device. Also, by performing access processing to the device viathe handler means simultaneously, the application is not forced to waituntil device processing is completed so that the application can realizeswift processing without waiting for a response from the driver.

Also, the data processing apparatus according to the present inventionmay be constructed to further comprise: a plurality of handler meansaccording to processing content; and a storing means for storinginformation representing a correspondence relationship between adestination to which a message generated by the application or thedevice is to be transmitted and a handler means, wherein the drivermeans, when receiving a message generated by the application or thedevice, invokes the handler means corresponding to the destination,based on a destination described in the message and information of thecorrespondence relationship stored in the storing means.

Since a plurality of handler means are provided in the aboveconfiguration of the present invention, a plurality of processing can bedealt with and an easy-to-use data processing apparatus can be realized.

Also, the data processing apparatus according to the present inventionmay also be configured to further comprise a communication means fortransmitting and receiving the message via a network, wherein a handlermeans invoked by the driver means transmits a message to a predetermineddestination using the communication means.

In a data processing method according to the present invention using adata processing apparatus on a transmitting side having an applicationfor performing processing using a device, a driver means for acceptingan access request to the device from the application, and a handlermeans for performing access processing to the device and transmitting amessage, and a data processing apparatus on a receiving side forreceiving a message transmitted from the data processing apparatus, thedata processing method comprises: a requesting step in which anapplication makes an access request to the device to the driver means;an invoking step in which the driver means invokes a handler means forperforming access processing to the device; a responding step in whichthe driver means responds to the access request of the application; aselecting step in which the driver means selects a handler means fromamong a plurality of handler means corresponding to the destination ifthe driver means obtains a message having the destination and data to betransmitted from the invoked handler means as a result of accessing tothe device; a transmitting step in which the selected handler meanstransmits the message to the destination, or the data processingapparatus on the receiving side; and a transferring step in which thedata processing apparatus on the receiving side transfers the receivedmessage to a device specified by a destination described in the receivedmessage.

In the above configuration of the present invention, by transmitting amessage via a network by invoking a handler means corresponding to adestination contained in the message, there is no need particularly foran application to wait for a processing result of processing taking along time such as processing via a network and thus swift processing ofthe application can be expected.

Further, the data processing apparatus according to the presentinvention comprises a shared memory for registering a message attachedwith a data destination, an application for registering a message in theshared memory and, after registering the message, performing otherprocessing, and a handler means for always monitoring messagesregistered in the shared memory and, when a message attached with aspecific data destination is registered, obtaining the message.

Also, a data processing method according to the present inventioncomprises: a registration step in which the application for registeringa message in shared memory in which a message attached with a datadestination is registered; a execution step in which the application,after the registration step, performs specific processing; and aretrieving step in which a handler means for monitoring messagesregistered in the shared memory, when judging that a message attachedwith a specific data destination has been registered in the sharedmemory, performs retrieving processing of the registered message.

In the above configuration of the present invention in which the handlermeans is provided for registering a message in the shared memory andmonitoring messages registered in the shared memory, and when a specificmessage is registered in the shared memory, the corresponding handlermeans retrieves the message to perform specific processing to themessage and the application is enabled to perform application's originalprocessing after registration processing, the application can realizeswift processing without waiting for processing in the device.

In the present invention, a driver means responds to an inquiry from anapplication and, by causing a handler means to access a device inresponse to a request from the application, a response can immediatelybe returned to the application from the driver means so that theapplication can perform processing without waiting for a finalprocessing result in the device. Also, by performing access processingto the device via the handler means simultaneously, the application isnot forced to wait until device processing is completed so that theapplication can realize swift processing without waiting for a responsefrom the driver.

Also, by configuring the present invention in such a way that thehandler means is provided for registering a message in the shared memoryand monitoring messages registered in the shared memory and, when aspecific message is registered in the shared memory, the correspondinghandler means retrieves the message to perform specific processing tothe message and the application is enabled to perform application'soriginal processing after registration processing, the application canrealize swift processing without waiting for processing in the device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of data processing apparatuses 100 and 100 ain the present invention.

FIG. 2 is an illustration showing a specific example of a managementtable 17 in the present invention.

FIG. 3 is an illustration showing a specific example of a managementtable 17 a in the present invention.

FIG. 4 is a sequence diagram of signal processing using the dataprocessing apparatuses 100 and 100 a in the present invention.

FIG. 5 is a block diagram of data processing apparatuses 200 and 200 ain another embodiment of the present invention.

FIG. 6 is a sequence diagram of signal processing using the dataprocessing apparatuses 200 and 200 a in the present invention.

DESCRIPTION OF THE REFERENCE SYMBOLS

11: application; 12: driver; 13: application handler; 14: IC memoryhandler; 15: communication handler; 16: IC memory; 17: handlermanagement table; 18: communication part; 19: display part

BEST MODES FOR CARRYING OUT THE INVENTION

A data processing apparatus and a data processing method according tothe present invention will be described with reference to drawings. FIG.1 is a block diagram of data processing apparatuses in the presentinvention.

A data processing apparatus 100 according to the present invention iscomprised of an application 11 (application of the present invention)(holding an application handler 13 (handler means of the presentinvention) therein), a driver 12 (driver means of the presentinvention), an IC memory handler 14 (handler means of the presentinvention), a communication handler 15 (handler means of the presentinvention), an IC memory 16 (device of the present invention), a handlermanagement table 17 (storing means of the present invention), acommunication part 18 (communicating means of the present invention),and a display part 19. Similarly, a data processing apparatus 100 a,which is a communication partner of the present invention, is comprisedof an application 11 a (holding an application handler 13 a inside), adriver 12 a, an IC memory handler 14 a, a communication handler 15 a, anIC memory 16 a, a handler management table 17 a, a communication part 18a, and a display part 19 a.

The application 11 is activated and operated in the data processingapparatus 100 to perform specific processing. In the present example,the application 11 is an application that can verify an electronicsignature and has functions to make a request of transmission of amessage to which an electronic signature is to be attached to request acommunication partner to attach an electronic signature and, along withthe request, to demand a public key certificate from a public keyauthentication server and make an inquiry at a validity verificationserver about validity of the public key to verify the requestedelectronic signature based on the above processed information.

The driver 12 has functions to invoke, when accepting a transmissionrequest of a message to which an electronic signature should be attachedfrom the application 11, the IC memory handler 14 to request encryptionprocessing of the message to be transmitted and to return a response ofacceptance of the transmission request to the application 11. The driver12 invokes the communication handler 15 to transmit the encryptedmessage to an apparatus to attach an electronic signature to theencrypted message, that is, the data processing apparatus 100 a.Furthermore, when data to which an electronic signature is attached isreceived from the data processing apparatus 100 a, the driver 12 invokesthe IC memory handler 14 to perform decryption processing and, whendecrypted data is received, the driver 12 invokes the applicationhandler 13 inside the application 11 to cause the application handler 13to verify the electronic signature.

Incidentally, a driver in general is software that acts as a go-betweenwhen connecting an application and hardware and the driver in thepresent invention has a function, in addition to being software actingas a go-between when connecting an application and hardware, to invoke ahandler for connecting to hardware.

The application handler 13 is a handler held inside the application and,when the handler is invoked, application processing is interrupted toperform specific processing. In the present invention, verificationprocessing of an electronic signature is performed. Here, a handlerrefers to an interrupt handling routine that is activated by an externalinterrupt and, in the present embodiment, is a program that is invokedby the driver 12 and performs access processing to a device such as theIC memory 16 or performs interrupt processing to application processing.

The IC memory handler 14 is a handler for accessing the IC memory 16 andtransmits data to be encrypted or data to be decrypted to the IC memory16 when encryption processing or decryption processing of a messageneeds to be performed in the IC memory 16.

The communication handler 15 is a handler for performing communicationprocessing. The communication handler 15 is invoked by the driver 12according to a destination written in a message processed and generatedby the IC memory 16 and performs transmission processing to thepredetermined destination. In the present invention, an IP address ofthe data processing apparatus 100 a as a destination when encryptionprocessing is performed is stored in a memory (not shown) in advance andthe IP address is read when transmitting a message. Note that, thecommunication handler 15 may obtain an IP address by placing a serverassociating a destination ID with the IP address in a network andtransmitting a destination ID to the server.

The IC memory 16 is memory composed of non-volatile memory, and isdetachably mounted and mainly used for encryption processing anddecryption processing.

The handler management table 17 stores a handler to be invokedcorresponding to a destination (destination specifying a device providedin own apparatus or in an external apparatus) written in a messagetransmitted by the application 11 or each of the above handlers. FIG. 2is an illustration showing a concrete example of the management table17.

The handler management table 17 stores a destination specifying a deviceand a handler to be invoked by associating with each other. When amessage composed of three items of <transmission source, transmissiondestination, data content> is transmitted to the driver 12, the driver12 judges which handler is to be invoked based on the destinationwritten in the transmitted message and the handler management table 17and invokes the relevant handler. Besides, a destination is representedby an ID specifying a device and each device (an IC memory, anapplication and the like) can be specified using the ID.

The communication part 18 conducts communication with a communicationpartner via a network under control of the communication handler 15.

The display part 19 displays a result of verifying an electronicsignature signed with the data processing apparatus 100 a.

The data processing apparatus 100 a is an apparatus for accepting arequest of electronic signature from the data processing apparatus 100.

The IC memory 16 a decrypts a message transmitted from the dataprocessing apparatus 100 and attaches an electronic signature to thedecrypted message. Then, the IC memory 16 a encodes the message attachedwith the electronic signature and returns the message to the IC memorydriver 14.

Other components are the same as those of the data processing apparatus100. Incidentally, contents to be stored in the handler management table17 a are different from those described in the handler management table17. FIG. 3 shows a specific example thereof. As show in the figure, ahandler invoking the IC memory 16 a in the data processing apparatus 100a and the communication handler 15 of the data processing apparatus 100are stored being associating with each other so that they can be invokedaccording to a destination written in a message.

A specific example when an electronic signature is carried out betweenthe data processing apparatuses 100 and 100 a thus configured and theelectronic signature is verified will be described. FIG. 4 is a sequencediagram when performing processing therefor.

The application 11 accepts an ID of the IC memory 16 that performsencryption processing, an ID of the IC memory 16 a that attaches anelectronic signature, and data attached with an electronic signature byuser operations, makes a request to the data processing apparatus 100 a,which is a destination of the accepted IC memory 16, to attach anelectronic signature, and outputs a message m1<ID of the application 11,ID of the IC memory 16, ID of the IC memory 16 a, and data M> to thedriver 12 (S101). The application 11 receives a response to the requestto attach an electronic signature from the driver 12, and then startsverification processing of the electronic signature. First, theapplication 11 transmits a request message to request a public keycertificate, which is a certificate of a public key of the IC memory 16a, to a public key certificate server to obtain a public key certificatefrom the public key certificate server (S102). Incidentally, a publickey certificate is to certify an association between a user and a publickey under the responsibility of CA (Certificate Authority) in which anelectronic signature of the CA itself is attached to backgroundinformation of the user (full name, section, e-mail address, and thelike) and public key data.

Further, the application 11 transmits an inquiry message to a validityverification server to perform processing to make an inquiry aboutvalidity of the obtained public key certificate, and after the validityverification server verifies whether or not the public key certificateis valid, the application 11 obtains a result thereof (S103).Incidentally, the authorities for managing whether or not a public keycertificate is valid is also in charge of management and operation ofthe validity verification server and tries to return a management resultin response to an inquiry about validity.

While the application 11 performs processing described above, the driver12, the IC memory handler 14, and the communication handler 15 performprocessing below:

The driver 12 returns a response of acceptance of the transmissionrequest to the application 11 (S201) and invokes a handler correspondingto a destination written in a message received from the application 11(S202). Since here an ID of the IC memory 16 is written, thecorresponding IC memory handler 14 is invoked based on the handlermanagement table 17.

The invoked IC memory handler 14 outputs the message m1 to the IC memory16 (S203). The IC memory 16 that received the message m1 retrieves dataM from the message m1 and encrypts the data M using a predeterminedpublic key Pk2 to generate encrypted data C (S204). Then, the IC memory16 generates a message m2<ID of the IC memory 16, ID of the IC memory 16a, and C> whose transmission source is the ID of the IC memory 16 andwhose transmission destination is the ID of the IC memory 16 a writtenin a data content field of the message m1 and outputs the message m2 tothe IC memory handler 14 (S205).

The IC memory handler 14 analyzes the message m2 and requests the driver12 to transmit the encrypted data C to a destination indicated by the IDof the IC memory 16 a (S206). The driver 12 invokes the communicationhandler 15 corresponding to the destination written in the message m2based on the handler management table 17 (S207). An IP address of thedestination is already set to the invoked communication handler 15 inadvance and, when invoked, the communication handler 15 connects to thedata processing apparatus 100 a having the communication handler 15 aspecified by the set IP address for communication and transmits themessage m2 to the ID specifying the IC memory 16 a described in themessage m2 (S208). Besides, the corresponding IP address may beretrieved by placing a server in which the ID of the IC memory 16 a andan IP address of an apparatus having the IC memory 16 a are stored byassociating with each other and transmitting the ID of the IC memory 16a to the server without setting any IP address to the communicationhandler 15 a in advance.

The communication handler 15 a transmits the message m2 to the driver 12a (S209). The driver 12 a that received the message m2 invokes the ICmemory handler 14 corresponding to the destination written in themessage m2 based on the handler management table 17 a (S210). Theinvoked IC memory handler 14 a registers the message m2 in the IC memory16 a (S211).

The IC memory 16 a in which the message m2 is registered decrypts theencrypted data C written in the message m2 using a secret key Sk2 toobtain the data M (S212). Then, the IC memory 16 a generateselectronically signed data MS by attaching an electronic signature tothe data M (S213) and encrypts the MS using the public key Pk1 togenerate encrypted data CS (S214).

The IC memory 16 a generates a message m3<ID of the IC memory 16 a, IDof the IC memory 16, CS> having the encrypted data CS that is data forreturning the encrypted data CS using the transmission source andtransmission destination written in the message m2 and returns themessage m3 to the IC memory handler 14 a (S215). The IC memory handler14 a requests the driver 12 a to transmit the message m3 (S216) and thedriver 12 a invokes the communication handler 15 a corresponding to thedestination of the message m3 based on the handler management table 17 a(S217).

An IP address of the destination is already set to the invokedcommunication handler 15 a in advance and, when invoked, thecommunication handler 15 a connects to the communication handler 15specified by the set IP address for communication and transmits themessage m3 to the ID specifying the IC memory 16 (S218). Besides, thecorresponding IP address may be retrieved by placing a server in whichthe ID of the IC memory 16 and an IP address of an apparatus having theIC memory 16 are stored by associating with each other and transmittingthe ID of the IC memory 16 to the server without setting any IP addressto the communication handler 15 a in advance.

The communication handler 15 that received transmission processing fromthe communication handler 15 a outputs the message m3 to the driver 12so that it is registered (S219). The driver 12 invokes the IC memoryhandler 14 corresponding to the destination written in the message m3based on the handler management table 17 (S220).

The invoked IC memory handler 14 transmits the message m3 to thedestination specified by the ID of the IC memory 16 written in themessage m3, that is, to the IC memory 16 (S221). The IC memory 16decrypts the encrypted data CS in the transmitted message m3 using asecret key Sk1 to obtain the electronically signed data MS (S222). Then,since the IC memory 16 has the transmission source (that is, the ID ofthe application 11) written in the message m1 received in S203 stored init, the IC memory 16 generates a message m4<ID of the IC memory 16, IDof the application 11, MS> having the electronically signed data MSusing the stored transmission source and returns the message m4 to theIC memory handler 14 so that the message m4 can be delivered to theapplication 11 (S223). The IC memory handler 14 further transmits themessage m4 to the driver 12 (S224).

The driver 12 invokes the application handler 13 corresponding to the IDof the application 11, which is the destination written in the messagem4, based on the handler management table 17 (S225).

The invoked application handler 13 interrupts processing of theapplication 11 for activation (S104). Then, the activated applicationhandler 13 verifies whether or not the electronic signature of the dataMS in the message m4 is valid. That is, whether or not the public keythat provided an electronic signature to the MS and the public keydescribed in the above-described public key certificate judged to bevalid match is judged and, if they match, it is judged that theelectronic signature attached to the data MS written in the message m4is valid and, if they do not match, it is judged that the electronicsignature is invalid (S105). Then, a judgment result thereof is outputto the display part (S106). Incidentally, it is assumed that, before theinvoking processing of the application handler 13 is performed in S225,a request of a public key certificate and validity verification in S102and S103 respectively have been completed.

With the above processing, an electronic signature is attached to datato be transmitted and validity of the electronic signature is verified,and then the user can perform transmission processing of data attachedwith a validated electronic signature to any destination.

As mentioned above, an effect obtained by making a transmission requestfrom the application 11 to the driver 12 and returning an acceptanceresponse to the transmission request from the driver 12 to theapplication 11 will be described.

By making a transmission request to the driver 12 and receiving aresponse of acceptance thereof from the driver 12, there is no need forthe application 11 to wait until a processing result in response to thetransmission request arrives from the driver 12 and the application 11can perform other processing to achieve efficient processing.

Next, another embodiment using a shared memory instead of a driver willbe described.

FIG. 5 is a block diagram of the data processing apparatus 200, which isanother embodiment.

A data processing apparatus 200 according to the present invention iscomprised of an application 101 (application of the present invention)(holding an application handler 103 (handler means of the presentinvention) therein), a shared memory 102 (shared memory of the presentinvention), an IC memory handler 104 (handler means of the presentinvention), a communication handler 105 (handler means of the presentinvention), an IC memory 106, a communication part 107, and a displaypart 108. Similarly, a data processing apparatus 200 a, which is acommunication partner of the present invention, is comprised of anapplication 101 a (holding the application handler 13 a inside), ashared memory 102 a, an IC memory handler 104 a, a communication handler105 a, an IC memory 106 a, a communication part 107 a, and a displaypart 108 a.

The application 101 is activated and operated inside the data processingapparatus 200 to perform predetermined processing. In the presentexample, the application 101 is an application that can verify anelectronic signature and has functions to make a transmission request ofa message to which an electronic signature is attached, and along withthe request, to demand a public key certificate from a public keyauthentication server and make an inquiry at a validity verificationserver about validity of a public key to verify the requested electronicsignature based on the above processed information.

The application handler 103 is a handler held inside the application andthis handler always monitors the shared memory 102. When a message withan ID specifying the application as a destination is registered in theshared memory, the application handler 103 performs interruptprocessing. In the present invention, verification processing of anelectronic signature is performed. A handler in the present embodimentrefers to an interrupt handling routine activated by an externalinterrupt, always monitors the shared memory 102 and, if a predeterminedcondition is satisfied (for example, a predetermined destination is setto a message), a handler satisfying the condition performs interruptprocessing for operation.

The IC memory handler 104 is a handler for accessing the IC memory 106and this handler always monitors the shared memory 102. When a messagesatisfying a specific condition is registered in the shared memory 102,the IC memory handler 104 performs interrupt processing for accessingthe IC memory 106. When a write operation is performed to the sharedmemory 102, the IC memory handler 104 returns, immediately afterperforming the write operation, to processing to perform a monitoringoperation of the shared memory 102. In the present invention, if amessage writing an ID that specifies the IC memory 105 as a destinationis registered in the shared memory 102, the IC memory handler 104performs an operation to obtain the message and outputs the obtainedmessage to the IC memory 106. Then, the IC memory handler 104 outputsthe message to the IC memory 105 to cause the IC memory 105 to performencryption processing or decryption processing of the message. When datafor which encryption processing or decryption processing has beenperformed is received from the IC memory 105, the IC memory handler 104performs write processing of the data to the shared memory 102.

The communication handler 105 is a handler for performing communicationprocessing and this handler always monitors the shared memory 102. Whena message satisfying a specific condition is registered in the sharedmemory, the communication handler 105 performs interrupt processing forcommunication. In the present invention, if a message registered in theshared memory 102 describes an ID of each device incorporated in thedata processing apparatus 200 a as a destination, the communicationhandler 105 retrieves an IP address corresponding to an ID written inthe message as a transmission destination from separately stored memoryand transmits the message to the extracted IP address. The communicationhandler 105 has memory in which an ID described as a transmissiondestination and an IP address as a physical destination are stored byassociating with each other, and retrieves an IP address correspondingto an ID written as a destination of a registered message to perform,together with the ID written as a destination of the message to therelevant IP address, transmission processing of transmission data. Also,when a message received from the data processing apparatus 200 a isreceived, the communication handler 105 performs write processing of thereceived message into the shared memory 102.

The IC memory 106 is a memory composed of non-volatile memory, and isdetachably mounted and mainly used for encryption processing anddecryption processing.

The communication part 107 conducts communication with a partner via anetwork.

The display part 108 displays a result of verifying an electronicsignature signed with the data processing apparatus 200 a.

Next, the configuration of the data processing apparatus 200 a will bedescribed. The data processing apparatus 200 a is an apparatus forreceiving a request of electronic signature from the data processingapparatus 200.

The IC memory 106 a decrypts a message transmitted from the dataprocessing apparatus 200 and attaches an electronic signature to thedecrypted message. Then, the IC memory 106 a encodes the messageattached with the electronic signature and transmits the message to theIC memory driver 104.

Other components are the same as those of the data processing apparatus200.

A specific example when an electronic signature is carried out betweenthe data processing apparatuses 200 and 200 a thus configured and theelectronic signature is verified will be described. FIG. 6 is a sequencediagram when performing processing therefor.

To make a request of attachment of an electronic signature to data, theapplication 101 accepts input of an ID of the IC memory 106 and an ID ofthe IC memory 106 a from a user, generates the message m1<ID of theapplication 101, ID of the IC memory 106, ID of the IC memory 106 a, anddata M> using the accepted IDs of the IC memory 106 and the IC memory106 a, and writes the message m1 into the shared memory 102 (S301).

After registering a request of attachment of an electronic signature inthe shared memory 102, the application 101 starts signature verificationprocessing. First, the application 11 transmits a request message torequest a public key certificate, which is a certificate of a public keyof the IC memory 16 a, to a public key certificate server to obtain apublic key certificate from the public key certificate server (S102). Apublic key certificate is to certify an association between a user and apublic key under the responsibility of CA (Certificate Authority) inwhich an electronic signature of the CA itself is attached to backgroundinformation of the user (full name, section, e-mail address, and thelike) and public key data.

The application 11 also transmits an inquiry message to a validityverification server to perform processing of making an inquiry aboutvalidity of the obtained public key certificate, and after the validityverification server verifies whether or not the public key certificateis valid, the application 101 obtains a result thereof (S103).Incidentally, the authorities for managing whether a public keycertificate is valid is also in charge of management and operation ofthe validity verification server and tries to return management resultsin response to an inquiry about validity.

While the application 101 performs processing described above, the ICmemory handler 104 and the communication handler 105 perform processingshown below:

When the message m1 in which the ID of the IC memory 106 as adestination is described is written into the shared memory 102, the ICmemory handler 104 detects that the message m1 including the ID of theIC memory 106 as a destination has been registered, retrieves themessage m1 (S401), and outputs the message to the IC memory 106 (S403).The IC memory 106 encrypts the data M included in the message m1 usingthe public key Pk2 provided in advance to generate data C (S404). Then,the IC memory 106 generates a message m2<ID of the IC memory 106, ID ofthe IC memory 106 a, and C> whose transmission source is the ID of theIC memory 106 and whose transmission destination is the ID of the ICmemory 106 a and returns the message m2 to the IC memory handler 104(S405).

The IC memory handler 104 writes the message m2 into the shared memory102 (S406). When the communication handler 105 detects that the messagem2 in which the ID of the IC memory 106 a is described as a destinationhas been registered in the shared memory 102, the communication handler105 retrieves the message m2 (S407). An IP address of a destination isset to the communication handler 105 in advance and, when interruptprocessing is performed, the communication handler 105 connects to thedata processing apparatus 200 a having the communication handler 105 aspecified by the set IP address for communication and transmits theretrieved message m2 to the ID specifying the IC memory 106 a (S408).Besides, the corresponding IP address may be retrieved by placing aserver in which the ID of the IC memory 106 a and an IP address of anapparatus having the IC memory 106 a are stored by associating with eachother and transmitting the ID of the IC memory 106 a to the serverwithout setting any IP address to the communication handler 15 a inadvance.

Next, the communication handler 105 a of the data processing apparatus200 a writes the received message m2 into the shared memory 102 (S409).The IC memory handler 104 a always monitors the shared memory 102 a and,when it detects that the message m2 in which the ID of the IC memory 106a is described as a transmission destination has been registered in theshared memory 102, the IC memory handler 104 retrieves the message m2(S410) and transmits the message to the IC memory 106 a (S411).

The IC memory 106 a decrypts the encrypted data C included in themessage m2 using the secret key Sk2 to obtain the data M (S412) andgenerates electronically signed data MS by attaching an electronicsignature to the data M (S413). Then, the IC memory 106 a encrypts theelectronically signed data MS using the public key Pk1 to generateencrypted data CS (S414).

The IC memory 106 a generates a message m3<ID of the IC memory 106 a, IDof the IC memory 106, CS> having the encrypted data CS that is data forreturning the encrypted data CS using the transmission source andtransmission destination written in the message m2 and returns themessage m3 to the IC memory handler 104 a (S415). The IC memory handler104 a then writes the message m3 into the shared memory 102 a (S416).When the communication handler 105 a detects that the message m2 inwhich the ID of the IC memory 106 a is written as a destination has beenregistered in the shared memory 102, the IC memory handler 105 aretrieves the message m2 (S417).

An IP address of a destination is set to the communication handler 105 ain advance and, when interrupt processing is performed, thecommunication handler 105 a connects to the data processing apparatus200 a having the communication handler 105 specified by the set IPaddress for communication and transmits the retrieved message m3 to theID specifying the IC memory 106 (S418). Besides, the corresponding IPaddress may be retrieved by placing a server in which the ID of the ICmemory 106 and an IP address of an apparatus having the IC memory 106are stored by associating with each other and transmitting the ID of theIC memory 106 to the server without setting any IP address to thecommunication handler 105 a in advance.

When the communication handler 105 receives the message m3, thecommunication handler 105 writes the message m3 into the shared memory102 (S419).

When the IC memory handler 104 detects the message m3 in which the ID ofthe IC memory 106 is described as a destination in the shared memory102, the IC memory handler 104 retrieves the message m3 (S420) andtransmits the message m3 to the IC memory 106 (S421). The IC memory 16decrypts the encrypted data CS in the received message m3 using thesecret key Sk1 to obtain electronically signed data MS (S422). Then,since the IC memory 106 has the transmission source (that is, the ID ofthe application 101) written in the message ml received in S403 storedin it, the IC memory 16 generates a message m4 <ID of the IC memory 16,ID of the application 11, MS> having the electronically signed data MSusing the stored transmission source and returns the message m4 to theIC memory handler 14 so that the message m4 can be delivered to theapplication 101 (S423).

The IC memory handler 104 writes the message m4 into the shared memory102 (S424). When the application handler 103 detects that the message m4in which the ID of the application is described as a destination hasbeen registered in the shared memory 102, the application handler 103obtains the message m4 and causes an interrupt in processing of theapplication 101 to verify whether or not the electronic signature of theelectronically signed data MS of the obtained message m4 is valid.

That is, whether or not the public key that is provided an electronicsignature to the MS and the public key described in the public keycertificate judged to be valid above match is judged and, if they match,it is judged that the electronic signature attached to the data MSwritten in the message m4 is valid and, if they do not match, it isjudged that the electronic signature is invalid (S304). Then, a judgmentresult thereof is output to the display part (S305). Incidentally, it isassumed that, before invocating processing of the application handler 13is performed in S425, a request of a public key certificate and validityverification in S302 and S303 respectively have been completed.

With the above processing, an electronic signature is attached to datato be transmitted and validity of the electronic signature is verified,and then the user can perform transmission processing of data to which avalidated electronic signature is attached to any destination.

As mentioned above, an effect obtained by registering a message in theshared memory 102 from the application 101 and performing interruptprocessing freely by each handler monitoring the shared memory will bedescribed.

If the application 101 registers a message in the shared memory 102 and,after the registration, performs other processing, and each handlerperforms interrupt processing appropriately in accordance with eachmessage registered in the shared memory, there is no need for theapplication 101 to wait until a processing result of the messageregistered in the shared memory is received and the application 101 canperform other processing to achieve efficient processing.

1. A data processing apparatus comprising: a device for performingpredetermined specific processing; an application for performingprocessing using the device; a handler means for performing accessprocessing to the device; and a driver means for invoking the handlermeans according to an instruction from the application and notifying theapplication that the instruction has been accepted.
 2. The dataprocessing apparatus according to claim 1, further comprising: aplurality of handler means according to processing content; and astoring means for storing information representing a correspondencerelationship between a destination to which a message generated by theapplication or the device is to be transmitted and a handler means,wherein the driver means, when receiving a message generated by theapplication or the device, invokes the handler means corresponding tothe destination, based on a destination described in the message andinformation of the correspondence relationship stored in the storingmeans.
 3. The data processing apparatus according to claim 2, furthercomprising a communication means for transmitting and receiving themessage via a network, wherein a handler means invoked by the drivermeans transmits a message to a predetermined destination using thecommunication means.
 4. In a data processing method using a dataprocessing apparatus on a transmitting side having an application forperforming processing using a device, a driver means for accepting anaccess request to the device from the application, and a handler meansfor performing access processing to the device and transmitting amessage, and a data processing apparatus on a receiving side forreceiving a message transmitted from the data processing apparatus, thedata processing method comprising: a requesting step in which anapplication makes an access request to the device to the driver means;an invoking step in which the driver means invokes a handler means forperforming access processing to the device; a responding step in whichthe driver means responds to the access request of the application; aselecting step in which the driver means selects a handler means fromamong a plurality of handler means corresponding to the destination ifthe driver means obtains a message having the destination and data to betransmitted from the invoked handler means as a result of accessing tothe device; a transmitting step in which the selected handler meanstransmits the message to the destination, or the data processingapparatus on the receiving side; and a transferring step in which thedata processing apparatus on the receiving side transfers the receivedmessage to a device specified by a destination described in the receivedmessage.
 5. A data processing apparatus comprising: a shared memory forregistering a message to which a data destination is attached; anapplication for registering a message in the shared memory and, afterregistering the message, performing specific processing without waitingfor a response to the message registration; and a handler means foralways monitoring messages registered in the shared memory and, when amessage to which a specific data destination is attached is registered,retrieving the message to perform specific processing.
 6. A dataprocessing method, comprising: a registration step of registering amessage from an application in shared memory in which a message attachedwith a data destination is registered; a execution step in which theapplication, after the registration step, performs specific processingwithout waiting for a response to the message registration; and aretrieving step in which a handler means for monitoring messagesregistered in the shared memory, when judging that a message attachedwith a specific data destination has been registered in the sharedmemory, performs retrieving processing of the registered message.